Page last updated at 12:37 GMT, Tuesday, 3 February 2009

Nato's cyber defence warriors

An unidentified blogger at his computer

By Frank Gardner
Security correspondent, BBC News

Nato officials have told the BBC their computers are under constant attack from organisations and individuals bent on trying to hack into their secrets.

The attacks keep coming despite the establishment of a co-ordinated cyber defence policy with a quick-reaction cyber team on permanent standby.

The cyber defence policy was set up after a wave of cyber attacks on Nato member Estonia in 2007, and more recent attacks on Georgia - so what are they defending against and how do they do it?

Tower of Babel

Nato's operational headquarters in Mons is a low, drab three-storey building - part of a sprawling complex set in rolling farmland south of Brussels.

Cyber Defence Dentre
Nato officials refuse to say who they think is behind the attacks

The blue and white flag of the 26-nation alliance flutters in the cold breeze alongside the spangled banner of the EU.

Inside the canteen it is like a Tower of Babel with almost every language of Europe competing to be heard above the clatter of trays and dishes.

Our escort, a German army officer in immaculate uniform, leads us down a corridor to a hushed room where 20 or so military analysts sit hunched over computers; their desert boots and camouflage fatigues strangely out of place for a windowless room in Belgium.

This, explains Chris Evis, is the Incident Management Section, which he heads.

"We face the full gamut of threats. It varies from your kiddie who's just trying to gain street cred amongst his friends to say he's just defaced a Nato system to more focused targeted attacks against Nato information".

Cyber attacks are not new - websites were being hacked into and brought down during the Kosovo war 10 years ago.

Cyber attack can bring down a complete national service, banking, media
Suleyman Anil
Nato Security Office

But when Estonia came under sustained cyber attack from Russian sympathisers in 2007, the alliance realised it needed a proper cyber defence policy and fast.

Suleyman Anil, a Turkish IT expert from the Nato Security Office is the man driving much of that policy.

"Estonia was the first time, in a large scale, [that we saw] possible involvement of state agencies; that the cyber attack can bring down a complete national service, banking, media... the other particular trait everyone is struggling to deal with... is lots of cyber espionage going on".

Mr Anil reveals that there has been more than one incidence of Nato officials being socially profiled, and then subjected to "targeted trojans".

He explains how their unseen adversaries gather as much information as possible about the individual then send them an email purporting to come from a friend or a relative.

Trojan horse

If they open the attachment then a sophisticated "worm" or "trojan" can, in theory, take over their computer, scan its files, send them on, delete them, or perhaps most damagingly, alter them without the user knowing.

This sort of activity goes on every day in the commercial world but for a military organisation like Nato there are obvious risks.

Chris Evis is at pains to point out that any material classified as "secret" is transmitted only internally, by secure intranet, rather than using the world wide web.

The gravest cyber threat to Nato is somebody altering the data without our knowing about it and finding out too late in the action
Chris Evis
Incident Management Section, Nato

But what happens, I ask, when someone mistakenly sends secret material over the internet?

The answer, it seems, is sitting in the corner of the room.

An Italian sergeant, who looks young enough to still be at school, is painstakingly scanning emails that have been automatically quarantined because they contain buzzwords like "Nato secret".

A glance over his shoulder reveals emails to and from Sarajevo, Baghdad and Kabul, evidence of Nato's newly expanded horizons.

They look innocuous enough and most of the time, explains the sergeant, it is a false alarm but sometimes even quite senior officers have transgressed and they get a serious talking to about online security.

Serious threats

When it comes to cyber espionage, Nato officials refuse to say who they think is behind the attacks, in fact our escorts can hardly wait to steer us off the subject.

Even if they were certain that they were originating, say, in China or Russia, it would be very hard for them to prove, so tortuous is the trail in cyberspace.

Instead, Chris Evis is happy to talk about how the threat is being tackled, explaining that they have a number of analysts who are constantly reviewing information, looking for the more serious threats.

"We have [about] 100 sensors at the moment deployed at something close to 30 different sites across the Nato countries... one of these sensors could be on the east coast of the United States, one could be in London, one could be in Iraq and a number of them could be in Afghanistan. All that information is simultaneously feeding back to us at the centre here."

So is cyber warfare the future of warfare?

Chris Evis says he believes it will be a factor within any future conflict.

"I think the gravest cyber threat to Nato is somebody altering the data without our knowing about it and [our] finding out too late in the action," he says.

"So when it's quiet it's probably too quiet, because there's always activity out there."

Print Sponsor

Estonia hit by 'Moscow cyber war'
17 May 07 |  Europe
The cyber raiders hitting Estonia
17 May 07 |  Europe
Russia accused of 'attack on EU'
02 May 07 |  Europe
Estonia unearths Soviet war dead
30 Apr 07 |  Europe
Tallinn tense after deadly riots
28 Apr 07 |  Europe
Country profile: Estonia
18 Jan 12 |  Country profiles

The BBC is not responsible for the content of external internet sites

Has China's housing bubble burst?
How the world's oldest clove tree defied an empire
Why Royal Ballet principal Sergei Polunin quit


Americas Africa Europe Middle East South Asia Asia Pacific